path: root/bzlib.h
Date | Commit message | Author | Files | Lines
2019-06-27 | Prepare for 1.0.7 release. (bzip2-1.0.7) | Mark Wielaard | 1 | -1/+1
2019-06-25 | Add prepare-release.sh script. | Mark Wielaard | 6 | -26/+86
Script to run to prepare a new release. It will update the release number and tell you to update the CHANGES file and to double check everything looks good before doing the release commit and tagging.
Afterwards you probably want to run release-update.sh to upload the release and update the website at https://sourceware.org/bzip2/
There are embedded version strings and dates in a couple of places. To keep the script simple remove some that aren't absolutely necessary.
README now just points to CHANGES. README.COMPILATION.PROBLEMS only mentions the version once at the top. bzip2.c only mentions the version once when doing --version. manual.xml now doesn't have any embedded versions, just uses &bz-version; everywhere.
2019-06-24 | Change a magic number (6) for a constant (BZ_N_GROUPS). | Federico Mena Quintero | 1 | -1/+1
decompress.c (BZ2_decompress): Check nGroups against BZ_N_GROUPS.
2019-06-24 | Make sure nSelectors is not out of range | Albert Astals Cid | 1 | -1/+1
nSelectors is used in a loop from 0 to nSelectors to access selectorMtf, which is
  UChar selectorMtf[BZ_MAX_SELECTORS];
so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory access.
Fixes out of bounds access discovered while fuzzing karchive.
This was reported as CVE-2019-12900:
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
2019-06-24 | Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH | Paul Kehrer | 1 | -3/+3
These macros contain this pattern:
  1 << ((Int32_value) & 31)
This causes the undefined behavior sanitizers in clang and gcc to complain because the shift, while ultimately stored to an unsigned variable, is done as a signed value. Adding a cast to unsigned for the int32 value resolves this issue.
2019-06-24 | bzip2: Fix return value when combining --test,-t and -q. | Mark Wielaard | 1 | -6/+8
When passing -q to get quiet output --test would not display an error message, but would also suppress the exit 2 code to indicate the file was corrupt. Only suppress the error message with -q, not the exit value.
This patch comes from Debian.
"bunzip2 -qt returns 0 for corrupt archives"
https://bugs.debian.org/279025
2019-06-24 | bzip2recover: Fix use after free issue with outFile. | Mark Wielaard | 1 | -0/+1
bzip2recover.c (main): Make sure to set outFile to NULL when done.
This was reported as CVE-2016-3189 and found in multiple distributions.
https://seclists.org/oss-sec/2016/q2/568
Some more analysis can be found in:
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
2019-06-24 | bzip2recover: Fix buffer overflow for large argv[0]. | Mark Wielaard | 1 | -1/+2
bzip2recover.c (main) copies argv[0] to a statically sized buffer without checking whether argv[0] might be too big (> 2000 chars).
This patch comes from Fedora and was originally reported at
https://bugzilla.redhat.com/show_bug.cgi?id=226979
2019-06-23 | bzip2.c (testStream): Remove set, but not used nread variable. | Mark Wielaard | 1 | -2/+2
Modern GCC warns:
  bzip2.c: In function ‘testStream’:
  bzip2.c:557:37: warning: variable ‘nread’ set but not used [-Wunused-but-set-variable]
  Int32 bzerr, bzerr_dummy, ret, nread, streamNo, i;
                                 ^~~~~
GCC is correct. In testStream we don't care about the number of bytes read by BZ2_bzRead. So just remove the variable and the assignment.